This is the fifth part of an ongoing series. The series is titled The Data Stewardship Approach to Data Governance. For information regarding future chapters, please use my contact information below. Previous articles were titled The Data Won’t Govern Itself, Data Governance Is NOT a Methodology, The Tools of Data Governance, and Organizationally, Where Does Data Governance Fit?
In the book The 7 Habits of Highly Successful People: Powerful Lessons in Personal Change (Free Press; 1st edition – 1990), Stephen Covey includes “Begin with the end in mind” as one of the habits. Beginning with the end in mind is not just a habit of highly successful people. This is also a habit of highly successful organizations.
Think about it. Most people aim before firing a gun (beginning with the end in mind). Mapquest.com can only give you directions if you tell it where you are heading (beginning with the end in mind). It makes sense to build an action plan before you try to accomplish anything. When building an action plan for a data governance program, it also makes sense to map out what you want to accomplish, what the future state will look like, and the future behavior of the organization. This future state of data governance can take the form of best practices.
Data governance best practices are defined as the basis and guideline for the execution of a data governance program. Organizations that successfully implement data governance programs begin by defining a limited series of best practices. Once the best practices are defined, a gap-risk assessment must be completed to identify the differences (gap) between the defined data governance best practices and present practices, and the risks (and potential risks) associated with the gap prior to defining an action plan for delivering the data governance program.
The steps to a best practice assessment include:
- Define best practices
- Perform discovery – conduct interviews and meetings (to share/receive input on the best practices)
- Record strengths (present practices that support the best practices)
- Record opportunities to improve (present practices that do not support the best practices)
- Report the gaps (between the best practices and present practices)
- Report the risks and potential risks
- Prepare the action plan (to eliminate/reduce the gaps and address the risks)
What follows is a brief discussion of each of the steps:
Define Best Practices
When defining best practices, you should ask the following questions:
- For each best practice, is it possible to implement given your current situation? If not, reconsider this as a best practice.
- Is the program at-risk or doomed to failure if the best practices are not accomplished?
- Are these practices something that other people in your organization will agree with and will follow?
The truth is that you must be able to answer yes to all of these questions for the practices to be considered best practices. Keep this in mind as you read the few sample best practices in the insert portion of this article. Consider whether or not these questions would be answered yes by your organization regarding the sample best practices. Perhaps the sample best practices could be considered best practices for your organization.
Perform Discovery – Conduct Interviews and Meetings
It is important to review the best practices (and to see where your organization stands in comparison with the best practices) with both business and technical people within your organization. The best way to do this is through interviews and Q&A; with a fair representation of business management, people that will be identified as data stewards and IT management.
Distribute the best practices to the appropriate people prior to the meetings to give them a chance to form an opinion, whether positive or negative. Remember that best practices should be worded in such a way that they are easy to understand and can be agreed upon easily. This, in itself, will provide a good starting place for your meeting and will reduce the time required for the meeting. Typically, if best practices are written so that people will answer “yes” to the questions (provided earlier in this article), you will get suggestions on how to reword the practices rather than negative feedback. The best practices should be “no-brainers” in theory. It is often helpful to include the three questions when you distribute the best practices for review before the meeting.
In the meetings, ask the participants to tell you what they believe the organization (or their part of the organization) is presently doing that aligns with the best practices. Also ask them what they believe is impeding the ability to follow best practices and where there is room for reasonable improvement (opportunities to improve). This will feed into the next steps of the assessment.
This seems rather obvious, but it worthy of a brief mention. It is important to leverage those strengths that you find through the discovery step. The focus here is to identify and record those activities, both of stewards and processes that support the best practices, that you have defined for your organization. The recording aspect of this step is extremely important for two reasons:
- The recorded strengths can be used as a solid starting point. Where there are already people performing the role of data steward, let’s not change that. Where there are processes that support the defined best practices defined, let’s not change that either. The list of strengths can be a starting point for discussion with people that will become data stewards, and they can be used to let people know that they should not feel threatened by the future data governance behavior.
- The recorded versions or the strengths can be used to demonstrate and “sell” to senior management that there is a basis of data governance that is already in place and that the action plan (the last step) will not change things that do not have to be changed. As Lucius Cary (we all know who he is) once said, “When it is not necessary to change, it is necessary not to change.”
Record Opportunities to Improve
The term “opportunity to improve” is often considered the “politically correct” way to say “weaknesses in our present environment.” Actually, it says more than that. It articulates the specific areas that can be addressed that do not align with best practices that you have defined. See #2 above and use this to “sell” senior management as well.
Recording areas where improvement is necessary will play a very important role in the development of the action plan. The action plan will consist of the steps that that will be followed to address the opportunities to improve.
Report the Gaps
This is another important step. Use the information collected and recorded in the previous two steps to report the gap between your present environment and the best practice environment communicated earlier. This may seem obvious, but because some companies seem to prefer the “ready, fire, aim” (sic) approach, I figured this was worth mentioning.
Make certain that you report the gaps in a positive way. Certainly make mention of the specific strengths in this report, and “sell” the idea that taking advantage of the “opportunities” mentioned in the previous step are exactly that – opportunities for the organization to become better at managing its data.
Report the Risks
Again, this is a very important step. This is where most senior managers will focus and may be the part of the assessment that is the first they want to assess: “Where are we at risk? In the areas of compliance? Security? Privacy? Identity theft? Record retention? Disaster recovery?” This reporting of the risks should be directly associated to the opportunities to improve and may be the biggest “selling” item for senior management. Many organizations’ data governance programs are coordinated by the group that is responsible for mitigating and/or eliminating risk.
Knowing where you organization is at risk, or even speculating where your organization is presently at risk, can be an important contributor to the questions that are asked of the business and technical people in your organization in the discovery step. It can also be a large contributor in the effort of “selling” senior management on the key concepts of data governance and the need to formalize a data governance program.
Prepare the Action Plan
At this point, you have defined data governance best practices for your organization, you have identified those things that you are doing the support the best practices, you have identified the opportunities for your organization to improve, you have reported the gaps between where you are and where you are going, and you have articulated the risks associated with the gaps. The action plan should practically write itself, right?
Well, it’s not necessarily that easy. The action plan should include “do-able” steps that address the opportunities to improve. These steps should be prioritized, communicated and resourced (a topic for another day). You may want to consider tying the planned steps back to the rest of the assessment report.
The action plan should be written in such a way that it, again, accentuates the positive. The action plan must be achievable given the present resource situation and activities of your organization. The action plan must be communicated to those people that are stakeholders in the governing of data in your organization (basically everybody). The action plan must be followed and the results of following the plan must be communicated as well.
Starting by building best practices customized for your organization and evolving to a solid action plan to arrive at data governance best practices (through the steps defined briefly in this article) is “beginning with the end in mind.” Honestly, I cannot see starting a data governance program in any other way.
KIK Consulting & Educational Services, a consultancy managed by the author of this article, recommends the steps defined in the article as the best way to begin a data governance program or to evaluate the effect of an existing data governance program. For information on how Bob Seiner and KIK Consulting can assist you in following these steps, please contact the author at the contact information below.